[NBLUG/talk] openssh exploit?

Kyle Rankin kyle at nblug.org
Tue Sep 16 10:36:01 PDT 2003


On Tue, Sep 16, 2003 at 10:21:47AM -0700, Daniel Smith wrote:
> 
> Seen on the NYLUG list:
> -----
> 
> It seems that someone has gotten the drop on the openssh team:
> 
> http://lists.netsys.com/pipermail/full-disclosure/2003-September/010116.html
> 
> Time to start disabling root logins and testing your openssh upgrade
> savvy.
> 
> Remember, just kill the parent sshd.  Then you don't log yourself out
> 
> -Peter
> 
> ----
> 
> The page linked to mentions "lsh".  First I've heard of that.
> Anyone local care to comment on a) how serious is the openssh
> problem, and b) the idea of switching to lsh?
> 
> Daniel
> 
> 
> -- 
> Daniel L. Smith - Sonoma County, CA - AIM: SonomaDaniel
> daniel.org     blog: JavaJoint.com    resume.daniel.org

Unfortunately, I haven't seen any concrete evidence from any reputable
source on this exploit (I haven't been able to reach the page you are
linking to for the better part of this morning).  The openssh changelog
does not mention it (while it does mention a buffer overflow being patched)
and the only thing bugtraq mentions is the buffer overflow itself here:

http://www.securityfocus.com/archive/1/337662/2003-09-13/2003-09-19/0

again with no confirmation that it is exploitable.

While I agree it's better to be safe than sorry, and the patch is now
available for everyone's consumption, it's best to not get /too/ excited
about it until we know something for sure.

-- 
Kyle Rankin
NBLUG President
The North Bay Linux Users Group
http://nblug.org
IRC: greenfly at irc.freenode.net #nblug 
kyle at nblug.org



More information about the talk mailing list